The version of Internet Explorer installed on the remote host is missing Cumulative Security Update 3124903. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     VBScript engine due to improper handling of objects in     memory. An attacker can exploit this vulnerability by     convincing a user to visit a specially crafted website     or open a Microsoft Office document containing an     embedded ActiveX control, resulting in execution of     arbitrary code in the context of the current user.
    (CVE-2016-0002)

  - An elevation of privilege vulnerability exists due to     improper enforcement of cross-domain policies. An     attacker can exploit this vulnerability to access     information from one domain and inject it into another     domain, resulting in a bypass of the cross-origin     policy and an elevation of privileges. (CVE-2016-0005)

Detections

Analytics

MS16-001: Cumulative Security Update for Internet Explorer (3124903)

high Nessus Plugin ID 87877

Version 1.12